[Ohrrpgce] [ohrrpgce/ohrrpgce] Virus scanners raise false alarm on game.exe when a game icon is embedded (#38)

James Paige notifications at github.com
Mon Sep 6 00:51:18 PDT 2021


Oh, nice!

And the workaround of fixing the checksum with an fb function is clever!

If this is so close to being fixed, I'll hold off on branching hrodvitir
just a little longer, but I think this is the last thing we need.

I'm also going to start begging for release-candidate testing right now-- I
am hoping to keep the RC testing cycle as short as reasonably possible,
since I think the nightly wips are already quite stable, and + releases are
not hard.

---
James



On Sun, Sep 5, 2021 at 12:24 PM Ralph Versteegen ***@***.***>
wrote:

> This is almost solved!
>
> Firstly, rescanning the previous file, the number of detections dropped to
> just 7/66 (including Microsoft and McAfee). But they're detecting it based
> on learning from the previous false positive I think. Embedding an icon in
> a fresh nightly copy of game.exe produces just 2/66 detections, from only
> obscure scanners.
>
> Looking at the rcedit issue tracker I discovered that this problem is
> caused by rcedit not updating the .exe checksum, so I fixed rcedit to do
> so, solving the problem! 0/66 detections.
>
> However I compiled rcedit using Visual Studio 2019 using the "v141_xp"
> toolchain which supposedly targets Windows XP. Unfortunately, it doesn't
> actually
> <https://developercommunity.visualstudio.com/t/visual-studio-1692-breaks-windows-xp-targeting/1383023>,
> the compiled rcedit.exe doesn't run on Win XP, even when statically linking
> the C runtime. It looks like I would have to install a copy of VS 2015
> together with another toolchain and Windows SDK, what a nightmare.
> Maybe I'll just write a 10-line FB function to compute and set the
> checksum (which is far simpler than doing it using the winapi checksum
> function!) I might need such a utility anyway for embedding data files in
> game/custom.exe.
>


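The stale-checksum condition discussed in this thread can be checked and repaired with a few lines of code. The following is an added example, not the FB function or the rcedit fix mentioned above: it implements the standard PE optional-header checksum in Python, and the function names and the tiny sample image are constructed for illustration.

```python
import struct

def checksum_offset(image):
    """Offset of the 4-byte CheckSum field (same for PE32 and PE32+)."""
    if image[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", image, 0x3C)
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    return e_lfanew + 4 + 20 + 64  # signature + COFF header + 64 into optional header

def pe_checksum(image):
    """Sum 16-bit words with end-around carry, CheckSum field as zero, plus file size."""
    off = checksum_offset(image)
    buf = bytes(image[:off]) + b"\0" * 4 + bytes(image[off + 4:])
    if len(buf) % 2:
        buf += b"\0"  # pad an odd-length file with a zero byte
    total = 0
    for (word,) in struct.iter_unpack("<H", buf):
        total += word
        total = (total & 0xFFFF) + (total >> 16)  # fold the carry back in
    return (total + len(image)) & 0xFFFFFFFF

def stored_checksum(image):
    return struct.unpack_from("<I", image, checksum_offset(image))[0]

def fix_checksum(image):
    """Recompute the checksum and write it into a mutable image (bytearray)."""
    value = pe_checksum(image)
    struct.pack_into("<I", image, checksum_offset(image), value)
    return value

def make_sample():
    """Constructed 512-byte stand-in with just the fields this code reads."""
    img = bytearray(0x200)
    img[0:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 0x80)  # e_lfanew
    img[0x80:0x84] = b"PE\0\0"
    return img

if __name__ == "__main__":
    img = make_sample()
    fix_checksum(img)
    img[0x100:0x104] = b"ICON"  # simulate a tool patching the file afterwards
    print("stale:", hex(stored_checksum(img)), "expected:", hex(pe_checksum(img)))
    print("fixed:", hex(fix_checksum(img)))
```

Comparing `stored_checksum` with `pe_checksum` on a post-processed executable is a quick build-pipeline check for the mismatch that the thread identifies as the trigger for the detections.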